Date: 2023-08-17
Accepted
Currently the database is encrypted at rest, but unauthorised access to a running database instance could still expose PII in plaintext.
We want to encrypt the PII fields themselves to lessen the impact of any breach of the database.
Rails 7 introduced encryption as a built-in feature. It transparently encrypts data on write and decrypts it on read, provided the application has the master key.
This means we can encrypt the PII fields in the database without changing the way we use and display the data.
We will use ActiveRecord Encryption to encrypt the PII fields on a per-model basis.
All environments will require access to the master key to be able to decrypt the PII fields.
See docs/encryption.md for details on managing the keys.
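To make the transparent encrypt-on-write / decrypt-on-read behaviour concrete, here is an added stand-alone Ruby illustration. It is not the application's code and it is not ActiveRecord Encryption itself: it is a hypothetical `FieldEncryption` mixin built only on Ruby's OpenSSL standard library so it runs without Rails, mimicking the per-model `encrypts :attr` declaration. `FieldEncryption`, `User`, the `_ciphertext` reader and the in-memory `master_key` are all assumptions of this example; in the real application the model inherits from `ApplicationRecord` and calls Rails' own `encrypts`, with the key supplied through the Rails encryption configuration described in docs/encryption.md.

```ruby
# Added illustration of transparent field encryption (NOT ActiveRecord Encryption).
# Uses only Ruby stdlib: AES-256-GCM via OpenSSL, with Base64/JSON for the stored form.
require "openssl"
require "base64"
require "json"

module FieldEncryption # hypothetical name, chosen for this example
  CIPHER = "aes-256-gcm"

  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Stand-in for the master key every environment must hold (see docs/encryption.md).
    attr_accessor :master_key

    # Mirrors the per-model `encrypts :attr` declaration: the reader decrypts,
    # the writer encrypts, so callers never see the difference.
    def encrypts(*attrs)
      attrs.each do |attr|
        define_method(attr) do
          stored = instance_variable_get("@#{attr}")
          stored && FieldEncryption.decrypt(self.class.master_key, stored)
        end
        define_method("#{attr}=") do |plain|
          instance_variable_set("@#{attr}", plain && FieldEncryption.encrypt(self.class.master_key, plain))
        end
        # Exposes what the database row would actually hold (never plaintext).
        define_method("#{attr}_ciphertext") { instance_variable_get("@#{attr}") }
      end
    end
  end

  # Encrypt with a fresh random IV; the auth tag lets tampering be detected on read.
  def self.encrypt(key, plaintext)
    cipher = OpenSSL::Cipher.new(CIPHER).encrypt
    cipher.key = key
    iv = cipher.random_iv
    ct = plaintext.empty? ? "" : cipher.update(plaintext) # update("") raises in Ruby
    ct += cipher.final
    JSON.generate("iv"  => Base64.strict_encode64(iv),
                  "ct"  => Base64.strict_encode64(ct),
                  "tag" => Base64.strict_encode64(cipher.auth_tag))
  end

  # Raises OpenSSL::Cipher::CipherError if the key is wrong or the payload was altered.
  def self.decrypt(key, payload)
    data = JSON.parse(payload)
    cipher = OpenSSL::Cipher.new(CIPHER).decrypt
    cipher.key = key
    cipher.iv = Base64.strict_decode64(data["iv"])
    cipher.auth_tag = Base64.strict_decode64(data["tag"])
    ct = Base64.strict_decode64(data["ct"])
    plain = ct.empty? ? "" : cipher.update(ct)
    plain + cipher.final
  end
end

# Hypothetical model: in Rails this would be `class User < ApplicationRecord`.
class User
  include FieldEncryption
  self.master_key = OpenSSL::Random.random_bytes(32) # constructed per-process key for the demo
  encrypts :email, :phone                            # PII fields
  attr_accessor :name                                # non-PII, stored as-is

  def initialize(name:, email:, phone:)
    self.name = name
    self.email = email
    self.phone = phone
  end
end

# Shows the property the ADR relies on: application code reads plaintext,
# but the stored column holds only IV + ciphertext + tag.
def demo_user
  user = User.new(name: "Ada", email: "ada@example.com", phone: "+44 0000 000000") # constructed sample
  { read: user.email, stored: user.email_ciphertext }
end

if __FILE__ == $PROGRAM_NAME
  result = demo_user
  puts "application sees: #{result[:read]}"
  puts "database holds:   #{result[:stored]}"
end
```

The stored value carries the IV and GCM tag alongside the ciphertext, so a process holding the key gets the plaintext back, a process without it gets a `CipherError` rather than data, and an altered row fails authentication instead of decrypting to garbage. One caveat when applying this to the real models: because each write uses a fresh IV, encrypted columns cannot be searched by equality; Rails provides `encrypts :attr, deterministic: true` for fields that must be queried, at the cost of equal plaintexts producing equal ciphertexts.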